The invention relates to a method and apparatus for preventing misuse of a copied subscriber identity in a mobile communication system.
In all telecommunication networks, both the users and the network operator must be protected as well as possible against undesired invasions by third parties. Consequently, there is need in the networks for many types of security functions. The most important features relating to the security of the network are (1) protecting the information conveyed by the network and (2) authenticating the users and controlling their access. The most important safety measure for protecting information in the foreseeable future is some kind of encryption. Authentication is a way by means of which an effort is made to ensure that information originates from the source it is claimed to, originate from. Typically, it is based on passwords and keys. Access rights refer to the ability to transmit and/or receive via a transmission channel. Access mechanisms are based on some kind of a password or key.
As transmission to mobile subscribers takes place by a radio connection, radio connected Public Land Mobile Networks (PLMN) are particularly sensitive to unauthorized users using their resources and eavesdropping on the information exchange on the radio path. This results from the possibility to listen to and to transmit radio signals from anywhere without having to gain access to the equipment of the user or the operator. It can be seen that better standards of security are required in PLMN networks than in conventional communication networks.
The basic structure of the Pan-European digital cellular radio system GSM (Global System for Mobile Communications) is illustrated by FIG. 1. The structure of the GSM network consists of two parts: a Base Station Subsystem (BSS) and a Network Subsystem (NSS). The BSS and mobile stations MS communicate by radio connections. In the BSS, every cell is served by a Base Transceiver Station (BTS). A group of base stations BTS are connected to a Base Station Controller (BSC) whose function is to control the radio frequencies and channels used by the BTS. The base station controllers BSC are connected to a Mobile Switching Center (MSC). The function of the MSC is to switch calls that involve at least one MS. Some MSCs are coupled to other communication networks, such as a Public Integrated Services Network (PISN), and they comprise switching functions for processing calls to and from these networks. Such mobile switching centers are referred to with the term Gateway MSC (GMSC).
Routing of calls involves two types of databases. In a Home Location Register (HLR) are stored, permanently or semi-permanently, subscriber data of all the subscribers of the network, such data containing information on all the services the subscriber is entitled to, and the subscriber""s present location. The second register type is a Visitor Location Register (VLR). The VLR is usually connected to one MSC, but it may also serve a plurality of them. The VLR is commonly integrated in the MSC. Such an integrated network element is referred to as a VMSC (VLR+MSC). When the MS is active (it has registered in the network, and may make or receive a call), the majority of the subscriber data concerning the MS included in the HLR is loaded (copied) into the VLR of the MSC in whose service area the MS is located.
The GSM system comprises a most secure authentication system. This also holds true of the derivatives of the GSM system, such as the DCS. The authentication system is based on a so-called challenge and response principle. Upon drawing up a subscriber contract, a secret subscriber authentication key (Ki) and an International Mobile Subscriber Identity (IMSI) are assigned to the subscriber. The Ki is stored in a network element serving this purpose in the GSM network, referred to as an Authentication Center (AUC), which is associated with or connected to the subscriber""s HLR. The AUC also contains a ciphering algorithm known as A8, an authentication algorithm known as A3, and a generator of random numbers RAND. On the basis of Ki and RAND, a ciphering key Kc is produced by the algorithm A8. Similarly on the basis of Ki and RAND, a Signed Response (SRES) is produced by applying the A3 algorithm. These three parameters, RAND, Kc and SRES form a triplet which is characteristic to the subscriber and which will be employed in later authentication and ciphering.
Referring to FIG. 2, the AUC comprises a database 20 to which the authentication key Ki of each subscriber in the GSM network is stored. A subscriber""s Ki may be retrieved from the database 20 by using the IMSI as an index.
To avoid computing and transmitting the triplet every time it is needed, the AUC/HLR computes several triplets for each subscriber in advance, and if required supplies them to the VLR to which they are stored. The MSC/VLR has at all times an unused triplet at its disposal for each visiting subscriber. The high level of security sets the condition that a triplet is used once only, for one connection, after which it is destroyed.
FIG. 4 illustrates a few of such subscriber-specific triplets. A security parameter file 40 comprises n triplets for each 1-n IMSIs. Such a reserve in the security parameter file 40 is established when a subscriber for the first time registers in a visited MSC and a VLR. It is part of the subscriber data that were loaded from the HLR in connection with an INSERT SUBSCRIBER DATA message.
Referring to FIG. 5, when a subscriber has used all the triplets at his disposal, a request is made to the AUC/HLR to compute and send back a new series. The supplementing procedure of the triplets consists of two messages: SEND PARAMETERS and a response thereto SEND PARAMETERS RESULT. The former contains the mobile subscriber""s IMSI which is used to retrieve the Ki for computing the triplets, as disclosed in connection with FIG. 2. The triplets computed are sent to the MSC/VLR in the SEND PARAMETERS RESULT message and they are stored in the VLR.
Referring again to FIG. 4, the MS transmits an access request to the MSC/VLR. The MSC/VLR retrieves a triplet assigned to the MS from the security parameter file 40 by using the IMSI as an index. On the one hand the MSC/VLR conveys the Kc value to the BSC""s channel equipment to be used in traffic channel coding, and on the second hand it conveys the RAND value to the MS in an AUTHENTICATION REQUEST message. This is illustrated by block 41 in FIG. 4. On the basis of RAND, the MS computes the other values of the triplet (SRES and Kc).
Now referring to FIG. 3, the mobile station comprises in its memory a copy of the mobile subscriber""s authentication key Ki, as well as the encryption algorithm A8 and the authentication algorithm A3. Upon receiving an AUTHENTICATION REQUEST message, the mobile station MS extracts the RAND from the message and feeds it and the stored Ki to the algorithms A3 and A8, respectively, to compute a signed SRES and the encryption key Kc. The computed SRES is conveyed to the MSC/VLR in an AUTHENTICATION RESULT message to complete the authentication, as illustrated in FIGS. 4 and 5.
Referring to FIG. 4, the MSC/VLR extracts the value of the SRES from the AUTHENTICATION RESULT message (block 42) and retrieves the stored value of the SRES from the file 40 (block 43). Following this, for this connection and prior to other processing, the MSC/VLR authenticates the mobile subscriber by checking that the SRES computed in the AUC/HLR is identical with the SRES (block 44) computed in the mobile station. If the two values are identical, access is allowed. If not, access is denied (block 46).
In the exemplary GSM system, the authentication of the mobile subscriber requires an identity unit, which is subscriber-specific. The terminal equipment proper is therefore not confined to a specific subscriber. The subscriber identity module, such as a SIM card, is a functional card or a smart card which is placed in the mobile station and which contains information, e.g. an authentication key Ki, required for identifying a subscriber and for encrypting radio traffic. In the present application, a subscriber identity module, such as a SIM card, refers to a functional card that can be removed from a mobile station and by means of which a subscriber is able to use a card controlled mobile station.
Consequently, if a subscriber identity module, such as a SIM card (Subscriber Identity Module) is in use, the user need not have a mobile station of his own, but a subscriber identity module issued to him by the operator of the mobile communication system is all he needs. Such a subscriber identity module can be, for example, a SIM card which is, in a way, a phone card by means of which the subscriber can make and receive calls from any mobile station of the system. On the one hand, it is the function of the SIM card to provide data that identifies the user safely secured for use by the mobile station, and on the other hand to provide services to the mobile station. The services include maintaining (entering, changing) the personal identification number, maintaining the data encryption key, i.e. the authentication key Ki, and unblocking a SIM card in case its use has been blocked as a result of too many attempts of entering a wrong PIN (Personal Identification Number). Unblocking of a blocked SIM card takes place e.g. by a PUK code (Personal Unblocking Key).
As an alternative way of implementing a SIM card in hand-held phones, a so-called plug-in-SIM has been introduced. A plug-in-SIM is a coin-sized part containing the electronics of a credit-card-sized SIM card, and it is placed in a phone so that the user is not able to replace it with ease. The phone may also have an incorporated plug-in-SIM and, in addition, a card reader. If the card reader contains a card, the phone is identified on the basis of the external card, otherwise on the basis of the incorporated plug-in-SIM.
In the sense of the present application, a mobile station (MS) thus consists of the following two parts: a Mobile Equipment (ME) and the Subscriber identity Module (SIM). The SIM card is specified in the GSM recommendation 02.17. The recommendation 11.11 defines in closer detail the issues specified in the recommendation 02.17 by determining e.g. the protocols between the SIM and the ME, the exact contents and length of the data fields in the SIM, and issues relating to the electronic and mechanical interface. An example of a data field contained by a SIM card is represented by IMSI (International Mobile Subscriber Identity), which identifies the mobile subscriber. Similarly within the scope of the present application, the concept SIM generally refers to a subscriber identity module, such as a SIM card, the small plug-in-SIM, the credit card sized functional SIM smart card, and the MS incorporated subscriber identity module containing the subscriber identity and the authentication key Ki, unless the context gives reason to some other interpretation.
According to GSM recommendations 02.17 and 11.11, three algorithms are used: A3, A5, and A8. The algorithm A3 is used for authentication, A8 for generating the encryption key and A5 for encryption. The algorithms A3 and A8 have been stored both in the SIM card and in the authentication center AUC. The algorithm A5 has been stored both in the ME of the mobile station and the base station BTS. In addition, e.g. the following information is stored in the AUC: the IMSI, the authentication key Ki and information on the version of the algorithm used. The same information is also stored in the mobile subscriber""s SIM card.
A problem in the prior art mobile communication system described above is encountered e.g. when the SIM card or information contained by it fall into the hands of a dishonest person. This may result from e.g. misplacement or stealing of the entire phone, or only the SIM card being stolen from the phone, whose information is copied to another SIM card. The system consequently comprises two SIM cards with identical information, i.e. the original card and a copy thereof. Any use of the copied card is harmful to the mobile subscriber having the original card, regardless of whether the misuse is plentiful or slight. In case the misuse is plentiful, it may result in high costs before the subscriber detects the problem in his next phone bill. On the other hand, if the misuse is slight the problem may not be detected for a long time. Within the scope of the present application, using a copied SIM card refers to any technique of deceitfully using the information in the SIM card of another mobile subscriber.
It is consequently the object of the present invention to develop a method and an apparatus implementing the method for solving the aforementioned problems related to misuse of a SIM card or information therein. The objects of the invention are achieved with methods and systems that are characterized by that which is disclosed in the independent claims. The preferred embodiments of the invention are set forth in the independent claims.
The invention is based on the view that the copied and original SIM cards cannot always roam in the same location areas in the mobile communication network. At least sometimes situations are bound to occur during which the copied and original SIM cards are within service areas of different mobile switching centers. Such a situation results in a location updating to the home location register. The existence and location area of a copied SIM card may then be detected on the basis of unexpectedly high activity of location updating between switching centers. Such a situation may be detected e.g. by maintaining an event counter in the mobile communication network, which counts location updatings carried out within a monitoring period. When the number of location updatings within the monitoring period exceeds a preset threshold value, a signal is produced that indicates a possible misuse.
The invention improves the security of the mobile communication system against misuse. The invention may be applied to a small, restricted clearly defined area in the software of the mobile switching center and/or the home location register. No modifications are required in the subscriber equipments or other parts of the network architecture.